﻿//using ELF.Gateway.Jwt;
//using Microsoft.IdentityModel.Tokens;
//using Ocelot.Values;
//using OpenIddict.Validation.AspNetCore;
//using System.Text;

//namespace Microsoft.Extensions.DependencyInjection;

//public static class DependencyInjection
//{
//    public static void AddOpenIddictAuth(this IHostApplicationBuilder builder)
//    {
//        // Customise default API behaviour
//        ConfigureOpenIddict(builder.Services, builder.Configuration);

//        builder.Services.AddSingleton<GatewayJwtService>();
//        builder.Services.AddAuthentication(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
//    }

//    public static void ConfigureOpenIddict(IServiceCollection services, IConfiguration configuration)
//    {
//        var encryptionKeyText = configuration["OpenIddict:EncryptionKey"];
//        if (string.IsNullOrEmpty(encryptionKeyText))
//        {
//            throw new ArgumentNullException("OpenIddict:EncryptionKey", "请配置证书密钥！");
//        }

//        var identity_server_address = configuration["OpenIddict:Issuer"];
//        if (string.IsNullOrEmpty(identity_server_address))
//        {
//            throw new ArgumentNullException("OpenIddict:Issuer", "请配置身份服务器地址！");
//        }

//        //// 配置OpenIddict
//        //services.AddOpenIddict()
//        //    .AddValidation(options =>
//        //    {
//        //        options.SetIssuer(identity_server_address);
//        //        var encryptionKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(encryptionKeyText));
//        //        options.AddEncryptionKey(encryptionKey);
//        //        options.UseSystemNetHttp();
//        //        options.UseAspNetCore();
//        //    });
//        // 配置 JWT 认证（验证来自认证服务器的令牌）
//        services.AddAuthentication("Bearer")
//            .AddJwtBearer("Bearer", options =>
//            {
//                options.Authority = "http://localhost:8100/api/identity"; // 认证服务器地址
//                options.RequireHttpsMetadata = false; // 开发环境下允许 HTTP
//                options.Audience = "api"; // 与业务服务器要求的受众一致
//                options.TokenValidationParameters = new TokenValidationParameters
//                {
//                    ValidateIssuer = false,
//                    ValidateAudience = false,
//                    ValidateLifetime = false,
//                    ValidateIssuerSigningKey = false, // 忽略 kid 检查
//                    ValidAudience = "api",
//                    ValidIssuer = "http://localhost:8100/api/identity",
//                    IssuerSigningKey =
//                new SymmetricSecurityKey(
//                    Convert.FromBase64String("SguGSpvaRLMwnmnxiBHRdSxRpBDSiD8+8J1qp1czuD8=")),
//                    TokenDecryptionKey =
//                new SymmetricSecurityKey(
//                    Convert.FromBase64String("na8LnVekSu5b3fgdUhyo+KuLTMVGYLtgHrTTpKCB5VY=")),
//                    ValidAlgorithms = new[]
//                    {
//                        SecurityAlgorithms.HmacSha256,
//                        SecurityAlgorithms.Aes256KW,
//                        SecurityAlgorithms.Aes256CbcHmacSha512
//                    }
//                };
//            });
//        services.AddAuthentication(options =>
//        {
//            options.DefaultScheme = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme;
//            options.DefaultChallengeScheme = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme;
//        });
//    }
//}
